Basic Structure of NASL ScriptsTopOvaldi (OVAL support in OpenVAS)Developers Guide for Network Vulnerability Tests

Developers Guide for Network Vulnerability Tests

The Network Vulnerability Tests (NVTs) used by OpenVAS to check for existing security issues on remote systems are written in the scripting language NASL. NASL (short for Nessus Attack Scripting Language) was originally designed for the Nessus security scanner by Renaud Deraison.

The motivation behind NASL was to create a language enabling even users with limited programming experience to write vulnerability tests in a short amount of time and to allow users to easily add new vulnerability tests to their existing installation without having to worry about compatibility issues.

The first version of NASL (also known as NASL1) was created in 1998 by Renaud Deraison. In 2002, Michel Arboi and Renaud Deraison developed an improved NASL parser which extended the range of built-in functions and operators. This improved version is generally referred to as NASL2.

If not indicated otherwise, this compendium describes NASL2 as it is implemented in OpenVAS.

The NASL syntax was inspired by C. Users with experience in C or related programming languages should be able to pick up the basics of NASL development in a relatively short amount of time.

Starting from OpenVAS 2.0.0, support has been added to OpenVAS for the Open Vulnerability and Assessment Language (OVAL) as documented in section *. This means that OpenVAS will also understand vulnerability tests specified in OVAL. Even though support for OVAL in OpenVAS is very limited at this time, you might want to consider OVAL as an alternative when writing NVTs. More information about OVAL can be found at

http://oval.mitre.org/language/about/index.html
.


Basic Structure of NASL ScriptsTopOvaldi (OVAL support in OpenVAS)Developers Guide for Network Vulnerability Tests